Описание
ELSA-2019-0229: ghostscript security and bug fix update (IMPORTANT)
[9.07-31.el7_6.9]
- Related: #1667442 - CVE-2019-6116 - added missing parts of patch
[9.07-31.el7_6.8]
- Resolves: #1667442 - CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators
[9.07-31.el7_6.7]
- Resolves: #1665919 pdf2ps reports an error when reading from stdin
- Resolves: #1657333 - CVE-2018-16540 ghostscript: use-after-free in copydevice handling (699661)
- Resolves: #1660569 - CVE-2018-19475 ghostscript: access bypass in psi/zdevice2.c (700153)
- Resolves: #1660828 - CVE-2018-19476 ghostscript: access bypass in psi/zicc.c
- Resolves: #1661278 - CVE-2018-19477 ghostscript: access bypass in psi/zfjbig2.c (700168)
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
ghostscript
9.07-31.el7_6.9
ghostscript-cups
9.07-31.el7_6.9
ghostscript-devel
9.07-31.el7_6.9
ghostscript-doc
9.07-31.el7_6.9
ghostscript-gtk
9.07-31.el7_6.9
Oracle Linux x86_64
ghostscript
9.07-31.el7_6.9
ghostscript-cups
9.07-31.el7_6.9
ghostscript-devel
9.07-31.el7_6.9
ghostscript-doc
9.07-31.el7_6.9
ghostscript-gtk
9.07-31.el7_6.9
Ссылки на источники
Связанные уязвимости
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...
Уязвимость в коде «psi/zdevice2.c» набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с ошибками типа JBIG2Decode, позволяющая нарушителю обойти установленный контроль доступа